For now the LulzSec ship sails on, contrary to reports of an "arrest" by phantom FBI agents. The group today posted information from two more hacked Sony properties. (Source: LulzSec)

Merry brigade's run isn't over yet

There have been some interesting developments in the case of now-legendary griefers LulzSec ("Lulz Security"). Today some news networks reported that a member of LulzSec was arrested by "FBI agents". These reports emerged around the same time as an outage of the group's site, so most assumed them to be true, but are they?

I. LulzSec Hacked?

Reports of LulzSec being "hacked" started at 2:39 a.m. EST when "lulzfail@hotmail.com" emailed the security mailing list SecLists.org with a post "Lulzsec == pwnt".

The post led to a tar file, which contained some nondescript server/chat log-looking text file dumps. Interesting.

Just following the hack, LulzSec chat logs appeared online detailing a government raid of their chat server, stating “military hackers are trying to hack us.” They stated one member of the group, Robert Cavanaugh, was arrested. He is now allegedly in FBI custody.

NOTE: Robert Cavanaugh has graciously contacted us and stated:

A lot of the information isn't correct. I was never arrested; that picture isn't me.

He acknowledges that he was a security professional and experienced hacker looking to expand his skills, but that the allegations appearing in various reports were slander against him.

He was only peripherally associated with members of Lulzsec, and did not participate in the group's attacks.

The release came as there was a claim — totally unconfirmed — that a member of the group has been arrested by the FBI. The claim was made on the Full Disclosure mailing list, an independent free-wheeling mailing list that focuses on computer security. The message, which was sent by someone using the Hushmail secure email service, contained what is said to be a chat log from Lulzsec’s private IRC chat server, then mentions at the end that “one of them is already in FBI custody.” I have calls into FBI offices in Washington and New York, trying to corroborate the claim of the arrest.

He cautions:

Obviously, it’s possible that the claim is completely made up. It could be an attempt by someone to falsely implicate someone as a member of the group, throw off the trail, or just a nasty prank.

But then gleefully speculates:

But if an arrest has been made, and the person arrested is a member of LulzSec, then it would probably be a fairly short time until other members are arrested too.

Even ArsTechnica joined in. And at approximately 5 p.m. EST Slashdot admin "SoulSkill" published a user submitted story from "jjp9999" who wrote:

"LulzSec was compromised and a member of the group, Robert Cavanaugh, was arrested by the FBI on June 6. Meanwhile, LulzSec hacked Sony again, this time leaking the Sony Developer Network source code through file sharing websites."

Unfortunately, all of these reporters were misled to varying degrees (and those who expressed incredulity or urged caution were wise to do so). It turns out the hack of Mr. Cavanaugh dates back to 2010, as seen here, in this cached log from 4Chan.

In a series of PNG images and TXT files several teen hackers ("Xero", "XYZ" (Cavanaugh), and others) had their names and home addresses posted. The teen hackers appeared to have run afoul of Anonymous or some other more seasoned hackers.

According to several anonymous sources who contacted us, XYZ (Cavanaugh) was trying to join LulzSec, but was never a full member. Purportedly he was arrested in early May, following the LulzSec hack of Square Enix (TYO:9684). Internet Relay Chat (IRC) conversations have since surfaced online indicating that XYZ was not truly involved in the hack and that the hackers purposefully defaced pages to look like they were hacked by Xero, XYZ, Chipp1337, Venuism, and XiX as a prank.

Suffice it to say these young men ostensibly have nothing to do with LulzSec getting "pwnt", particularly not over the recent Sony intrusions.

LulzSec took to Twitter at around 6 p.m. denying that they had been hacked. Shortly thereafter ArsTechnica and The Epoch Times updated their posts to reflect this, with ArsTechnica even catching wind of the suspect PasteBin that was a few weeks old (but failing to mention the much older 4Chan post from Oct. 2010). As of press time Slashdot and All Things Digital still haven't updated with LulzSec's statement.

II. But the Site was Down!

The reports of the LulzSec arrest poured in like rain -- and around the same time the group's site went down. Many speculated this was a further sign of some sort of massive hack of LulzSec. Based on the posts on the mailing list, some claimed that the group had been hacked using remote root access and had stored root passwords in their email -- embarrassing security mistakes if true.

But in reality the group's site was likely getting stressed by a much bigger true story and the outage was merely an unfortunate coincidence.

Early this morning the group had cheered the release of yet another data dump [1][2][3] from a hacked Sony Corp. (6758) property. Sony has of late become the whipping boy for the hacker community, for reasons we outline here. Together, these intrusions mark the sixteenth major attack [1][2][3][4][5] on Sony thus far.

This time around, the attackers had made off with a 54 MB code dump from Sony Computer Entertainment’s Developer Network, and an internal network map of Sony BMG. The blog "attrition.org" listed the attack as the sixteenth major intrusion at Sony since the attacks began in April.

LulzSec mocked:

Konichiwa from LulzSec, Sony bastards!

We've recently bought a copy of this great new game called "Hackers vs Sony", but we're unable to play it online due to PSN being obliterated. So we decided to play offline mode for a while and got quite a few trophies. Our latest goal is "Hack Sony 5 Times", so please find enclosed our 5th Sony hack.

So LulzSec appears to have DDOSed itself with all the excitement it generated.

III. What's Next

While the "arrest" this time proved false, it's very possible that the group may eventually see some sort of real world law enforcement action. The group is making powerful enemies -- namely the U.S. Federal Bureau of Investigation and Sony. And while these entities have yet to prove their security competence, they have the advantage of money on their side.

So far LulzSec has only seen incompetent attacks, such as an attempt to SQL inject the group's static pages on lulzsecurity.com. The group posted via Twitter:

Someone is trying to SQL inject our static pages on LulzSecurity.com - we can see you trying it, you are really embarrassing yourself. <3

Shortly thereafter they DDOSed the attacker IP.

But, according to some, LulzSec is burning through whatever community sympathy it generated by publishing user names and passwords, which it stole from Sony. Such actions -- particularly the group's decision to publish private information on innocent gamers and elderly contest entrants -- may eventually provoke retaliation from the broader hacker community as well, which is already a bit annoyed at LulzSec for trying to DDOS the servers of veteran hacker publication 2600 and flame-baiting anti-terrorist veteran hacker th3j35t3r ("The Jester") on Twitter.

The group remains as defiant as ever. And as usual they're not talking to the media (or "fucking media bullshit" in their words). That silence combined with the overeagerness of online media means that this won't likely be the last time the story gets confused. For now the LulzSec "ship" sails on.